You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+33-8Lines changed: 33 additions & 8 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -2,10 +2,16 @@
2
2
3
3
API backend for [Programming Buddies](https://github.com/ProgrammingBuddies/programmingbuddies-ui) (projects management)
4
4
5
+
## API documentation
6
+
The documentation is dynamically generated by the server using [Swagger](https://swagger.io) and [Swagger UI](https://swagger.io/tools/swagger-ui/)
7
+
- To view the documentation run the server using one of the set up guides below and then head to `/docs` endpoint
8
+
- e.g. https://localhost:5001/docs for local development
9
+
5
10
## Set up guide: The simple way
6
11
7
12
- Set up your [environment](#environment)
8
13
- Install [docker-compose](https://docs.docker.com/compose/install/) and do `docker-compose up`
14
+
- for information on how to authenticate for the API, see [authentication](#authentication)
9
15
10
16
## Set up guide: The 'bothersome' way
11
17
@@ -25,6 +31,7 @@ Requirements:
25
31
Run the server:
26
32
-`pipenv run python src/runserver.py`
27
33
- Run with flag `--reset-db` to drop and recreate all tables on start
34
+
- For information on how to authenticate for the API, see [authentication](#authentication)
28
35
29
36
## Environment
30
37
@@ -36,19 +43,37 @@ Run the server:
36
43
- Create a new one and set the homepage url to `https://localhost:5001/` and Authorization callback to `https://localhost:5001/login/github/authorized`
37
44
- Copy the Client Id and Client Secret from that site and save them in `.env` as `GITHUB_ID` and `GITHUB_SECRET` respectively
38
45
4. Furthermore a `JWT_SECRET_KEY` is required for signing the JWT-tokens
46
+
- Pick a strong passphrase so that attackers can't brute-force it and sign tokens distinguishing as your server
39
47
40
48
Your `.env` file should now look something like [example.env](https://github.com/ProgrammingBuddies/programmingbuddies-api/blob/develop/example.env)
41
49
42
-
### Testing
50
+
## Authentication
51
+
- To authenticate you have to specify several attributes
52
+
-`account` - currently `github` is the only supported value
53
+
-`username` - your username of account on specified platform in the previous point
54
+
-`redirect` - url where should you be redirected after authenticating with OAuth
55
+
- Put it all these together `https://<url:port>/<login-or-register>?account=<account>&username=<username>&redirect=<redirect>`
56
+
- e.g.: `https://localhost:5001/<login-or-register>?account=github&username=freddy&redirect=https://localhost:5001` will `login-or-register` using GitHub account with name `freddy` while developing local with the server hosted on `localhost:5001`
57
+
- You will be redirected to the specified url and get data with it
58
+
- If the request **failed** - when logging in and user was not registered (user not found in the database) or there was any internal error, you will get an error message and code
59
+
- If the request **succeeded** - you will get a JWT `token` in the URL, that is what you need to authenticate
60
+
- Add to your requests `Authorization` header with a value `Bearer <token>` where you replace `<token>` with your `token` acquired in the step above
61
+
#### Login
62
+
-`/login` route logs in if the user exists in the database, otherwise returns a error message and code in the URL
-`/register` route either logs in if the user exists in the database or registers (creates) a new user, in case of failure returns a error message and code in the URL
0 commit comments